openvex

affected

Match on any statements listed as affected.

from-csaf

Convert a Common Security Advisory Framework (CSAF) version 2.0 document into an OpenVEX document.

from-guac

Produce an OpenVEX report based on an Guac query response.

You can combine this with other patterns to check if a given package has any known vulnerabilities:

pattern vuln = uri::purl(guac::certify-vulnerability(openvex::from-guac(openvex::not-affected)))

from-osv

Produce an OpenVEX report based on an Open Source Vulnerability (OSV) response.

You can combine this with other patterns to check if a given package has any known vulnerabilities:

pattern not-vulnerable = uri::purl(osv::scan-purl(openvex::from-osv(openvex::not-affected)))

merge

Merge multiple OpenVEX documents into one.

not-affected

Enforce that there are no statements considered affecting.

statement

valid

Pattern matching a well-formed OpenVEX document.